Lucene search
+L

219 matches found

OSV
OSV
added 2025/02/10 8:25 p.m.12 views

GHSA-7723-35V7-QCXW Server-Side Request Forgery (SSRF) in activitypub_federation

Summary This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request. Details The Webfinger endpoint takes a remote domain for checking accounts as a...

4CVSS4.7AI score0.00406EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/12/20 3:47 p.m.11 views

CVE-2024-12840

...

5.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/12/02 3:56 p.m.5 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/11/21 9:29 a.m.10 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
CVE
CVE
added 2024/09/18 4:55 p.m.91 views

CVE-2024-46990

Summary: CVE-2024-46990 affects Directus where blocking localhost via the default 0.0.0.0 filter can be bypassed using other loopback addresses (e.g., 127.0.0.2–127.127.127.127). Vulnerability details (supported by connected docs): Directus real-time API and app dashboard fails to restrict access...

5CVSS5.4AI score0.00463EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/05 6:33 a.m.5 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/08/29 3:20 a.m.3 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
OSV
OSV
added 2024/06/28 12:15 p.m.6 views

CVE-2024-5736

Server Side Request Forgery SSRF vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0...

7.5CVSS5.8AI score0.01515EPSS
Exploits3References5
Cvelist
Cvelist
added 2024/06/28 11:26 a.m.48 views

CVE-2024-5736 SSRF in AdmirorFrames Joomla! Extension

Server Side Request Forgery SSRF vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0...

8.2CVSS0.01515EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.7 views

PT-2024-37112 · Joomla · Admirorframes

Name of the Vulnerable Software and Affected Versions: AdmirorFrames versions prior to 5.0 Description: The issue is related to a Server Side Request Forgery SSRF vulnerability in the AdmirorFrames Joomla! extension, specifically in the afGdStream.php script. This vulnerability allows access to...

8.2CVSS6.5AI score0.01515EPSS
Exploits3References7
OSV
OSV
added 2024/06/06 6:15 p.m.3 views

CVE-2024-5482

A Server-Side Request Forgery SSRF vulnerability exists in the 'addwebpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs,...

9.8CVSS5.9AI score0.0065EPSS
Exploits1References1
OSV
OSV
added 2024/06/05 12:15 a.m.6 views

CVE-2024-4084

A Server-Side Request Forgery SSRF vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...

7.5CVSS7.1AI score0.00487EPSS
Exploits1References1
Amazon
Amazon
added 2024/05/03 12:0 a.m.5 views

Important: unbound

Issue Overview: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw...

8CVSS6.5AI score0.00318EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/21 4:47 p.m.26 views

CVE-2024-29180 webpack-dev-middleware Path Traversal vulnerability

Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the...

7.4CVSS6.2AI score0.01209EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2024/02/17 3:21 a.m.2 views

SUSE CVE-2024-1488

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

7.1CVSS5.5AI score0.00318EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-9733

An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a...

9.8CVSS7.3AI score0.53879EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2023/10/18 12:0 a.m.6 views

PT-2023-28994 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: This issue affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhos...

7.1CVSS6.7AI score0.00326EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/10/18 12:0 a.m.10 views

PT-2023-28993 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/v2/pkgs/tools/installed". A user who can perform HTTP requests to the localhost interface, or bypass the CORS configuration, can escalate privileges to...

7.8CVSS7.6AI score0.00211EPSS
Exploits0References10
OSV
OSV
added 2023/09/08 1:27 p.m.22 views

GHSA-3Q5P-3558-364F Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`

Impact This vulnerability can be categorized as a security misconfiguration. It impacts users of our project who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. In it's...

5.3CVSS5AI score0.00531EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/09/08 12:0 a.m.7 views

Fiber Security Breach

Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber versions prior to 2.49.1 that stems from not properly restricting access to localhost, which could allow an unauthorized attacker to access resources supplied to the localhost only...

5.3CVSS6.7AI score0.00531EPSS
Exploits0References5
Rows per page
Query Builder